Salvatore Bonaccorso
2023-Feb-18 19:30 UTC
[Pkg-xen-devel] Bug#1031567: xen: CVE-2022-27672: XSA-426: x86: Cross-Thread Return Address Predictions
Source: xen
Version: 4.17.0+24-g2f8851c37f-2
Severity: grave
Tags: security upstream
X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org>

Hi,

The following vulnerability was published for xen, filing with RC severity (for ideally fixed before bookworm release):

CVE-2022-27672[0]:
| When SMT is enabled, certain AMD processors may speculatively execute
| instructions using a target from the sibling thread after an SMT mode
| switch potentially resulting in information disclosure.

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-27672
    https://www.cve.org/CVERecord?id=CVE-2022-27672
[1] https://xenbits.xen.org/xsa/advisory-426.html

Regards,
Salvatore
Debian Bug Tracking System
2023-Feb-24 18:39 UTC
[Pkg-xen-devel] Bug#1031567: marked as done (xen: CVE-2022-27672: XSA-426: x86: Cross-Thread Return Address Predictions)
Your message dated Fri, 24 Feb 2023 18:35:23 +0000 with message-id <E1pVcuh-007RFH-9q at fasolo.debian.org> and subject line Bug#1031567: fixed in xen 4.17.0+46-gaaf74a532c-1 has caused the Debian Bug report #1031567, regarding xen: CVE-2022-27672: XSA-426: x86: Cross-Thread Return Address Predictions to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner at bugs.debian.org immediately.)

--
1031567: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031567
Debian Bug Tracking System
Contact owner at bugs.debian.org with problems